Rate Limits in case of PAT


Regarding rate limits, the API doc says “Limits are allocated per authorization token”. How do rate limits work for PAT, especially when the PAT account is used to run query on various accounts?

My use case: I have a bot account that operates in clients organizations, and I would be surprised/quite bothered by my bot hitting rate limits overall instead of “per organization”.

Thanks for the clarification Asana!

1 Like

Hey @Bastien_Siebman, great to hear from you! Sorry for the delay in getting back to you.

Our rate limits are for the combination of (user, app, organization). In other words, one user using one app in one organization might get throttled, but that user may not be throttled in a separate organization or when using a different app. The set of all three are used for the “bucket” of our rate limits.

When it comes to PATs and bot accounts, then, if that one PAT does a lot of API work in a single organization it may use its allocation up: it’s a single app, acting as a single user (the bot account), in a single organization. This is one reason that it can be beneficial to use a “regular” OAuth app: that app can be authorized and behave as multiple users (and therefore gets a rate limit allocation for each user). That being said, I don’t believe it should be true that one PAT working across multiple organizations would have its own single pool of requests for all of those organizations.

I hope that helps! Let me know if you have any follow-up questions!

Thanks for following up. I decided to move forward while waiting. I went ahead and created as many accounts as clients, so that each one will have their own threshold.